Got a tip for us? Share it...

New in OS X: Get MacRumors Push Notifications on your Mac

Resubscribe Now Close

Adobe Releases Flash Player Update to Patch Security Holes as Apple Blocks Earlier Versions

As noted by Ars Technica, Adobe late yesterday issued a security bulletin announcing that it was releasing updates to Flash Player in order to address a pair of security vulnerabilities targeting Mac and Windows users.
Adobe is also aware of reports that CVE-2013-0634 is being exploited in the wild in attacks delivered via malicious Flash (SWF) content hosted on websites that target Flash Player in Firefox or Safari on the Macintosh platform, as well as attacks designed to trick Windows users into opening a Microsoft Word document delivered as an email attachment which contains malicious Flash (SWF) content.
Users can manually download the new 11.5.502.149 version of Flash Player from Adobe's site, or those who have specified that Adobe may update Flash Player automatically may simply allow it to do so.

In response to the issue, Apple has updated its Xprotect anti-malware system to enforce new minimum version requirements blocking all previous versions of Flash Player. Apple has used the system several times over the past month to block vulnerable versions of Java.

flash_player_blocked_mac
Apple has also posted a new support document addressing the issue and explaining to users how to update Flash Player when they discover that the plug-in has been blocked.

Top Rated Comments

(View all)

20 months ago
Apple needs to stop blocking software. If they want to display a warning, fine. But for people who rely on their computers to do actual work, it isn't acceptable for them to keep disabling software that many people use and need on a daily basis. Inform people of the vulnerability and give them the option of disabling it.
Rating: 25 Votes
20 months ago
This is why Apple have been fighting for a plugin-free web.

It's certainly cost them sales (not having flash and to a lesser extent Java on iOS devices, for example), but it's worth it. I'm glad they didn't take the easy road.
Rating: 20 Votes
20 months ago

Tried to open the download link.
"Your Google Chrome browser already includes Adobe® Flash® Player built-in. Google Chrome will automatically update when new versions of Flash Player are available." :cool:


Yeah, all versions of Chrome come with an internalized Flash instance separate from the OS. So, for someone like autrefois who wants to run an insecure plugin, they can just use Chrome.

Funny how the devs do this for Flash, but continue to take a stand against a real standard like H.264. :rolleyes:

Apple needs to stop blocking software.


No, people need to stop making users "do actual work" using poor platform choices and insecure software. Flash and Java's times are over. I'm glad Apple is doing this, because it highlights the fact that these plugins need to go.
Rating: 18 Votes
20 months ago
Does anybody use flash anymore ? I been blocking flash for 4 years
Rating: 13 Votes
20 months ago

Flash, Flash, why do you crash?


My poor keyboard, you make me smash.
Rating: 12 Votes
20 months ago
Flash, Flash, why do you crash?
Rating: 12 Votes
20 months ago
Apple can go ahead and keep blocking Flash.
Rating: 11 Votes
20 months ago
Flash is the cáncer of OS X.
Rating: 9 Votes
20 months ago
Flash & Java are usually replaceable with HTML 5 + Javascript. The only time I can think of Java being more convenient is for the more direct hardware access, but this is precisely why it's so dangerous!

I'm pretty sure we could do away with these technologies and still have a web functioning pretty much like today, only with less crashes, less resource requirements, and better mobile platform support.

Flash isn't supported by iOS, Android since 4.1, or Windows Phone 8. It's ridiculous that web designers still use the technology.
Rating: 9 Votes
20 months ago

This. Although I wasn't working, I did find it annoying that a lot of the websites I visited that needed the adobe plug-in where completely useless because of this block.


This seems to be the only way things have been getting fixed tho...
Rating: 7 Votes

[ Read All Comments ]